Farewell to the laptop ban – almost

The laptop ban on flights inbound to the US from some Middle Eastern airports is all but dead, regular flyers will be glad to hear.

The Transport Security Administration said on Monday that it was lifting the restriction on Saudi Arabian Airlines flights from Jeddah, and added that officials would visit Riyadh airport “later this week” to make sure that airport now met the tougher new security standards.

The ban was imposed in March by the US administration in response to the threat of explosives being smuggled on board in electronic devices: passengers were prohibited from bringing anything larger than a smartphone on to the plane, with bigger items having to go in checked bags.

The ban has been gradually lifted as airports complied with the US restrictions. Meanwhile, the Department of Homeland Security has beefed up its security requirements for inbound flights, which now include enhanced screening procedures at departure airports, affecting some 325,000 people on around 2,000 flights arriving in the US every day.

And increased security restrictions are a fact of life now for passengers heading for the US: Lisa Farbstein of the TSA told Reuters on Monday that “we’ll be working with global aviation stakeholders to expand security measures even further”.

And we’ve brought you news of how Pepper ran into a drunken customer who took out his anger on the blameless robot, but we’re at a loss to work out how a Knightscope K5 robot ended face-down in the fountains of a Washington DC office block last week.

According to Stacy Dean Stephens of Knightscope, the robot’s watery encounter was “an accident”, and “no people were harmed or involved in any way”.

Dow Jones leaks 2.2m customers’ data

Another day, another leak thanks to a poorly secured data repository in the cloud – this time, the details of at least 2.2m customers of Dow Jones, the financial publishing group.

The leak was discovered by security researchers early last month, and Dow Jones confirmed that the data, including names, addresses and the final four digits of credit cards of subscribers to publications including the Wall Street Journal and Barron’s, had been leaked thanks to a wrongly configured Amazon Web Services S3 cloud storage server.

According to the UpGuard researchers, the server was configured so that any “authenticated user” could download the data if they had the URL of the repository – which in practice meant anyone with a free Amazon AWS account.

Dow Jones told The Hill that it hadn’t notified customers of the breach because the information wasn’t sensitive enough, adding: “This was due to an internal error, not a hack or attack. We have no evidence any of the over-exposed information was taken … [the information] did not include full credit card or account login information that could pose a significant risk for consumers or require notification.”

Lots of sites use the last four digits as part of authentication for password resets, I believe (I think Amazon is one of them), so DowJones reaaaaaally should have told people. Wish this wasn’t the first time we’d seen an example of this (and won’t be the last).